...
InCommon is launching an easier method for participants to provide collaborative services for researchers and scholars via their federated identities by reducing the overhead of policy interpretation, inter-institutional agreements and system configuration. This method categorizes service providers (SPs) to simplify the configuration of identity providers (IdPs); the result is that researchers can successfully access SP sites without delay and without contacting their local IDP admin. The newly defined Research & Scholarship (R&S) category will apply to service providers that support research and scholarly activities such as virtual organizations and campus-based collaboration services. Participating IdPs will agree to release a minimal set of attributes to the R&S category with a one-time addition to their default release policies, a simpler and more scalable approach than negotiating such release bilaterally with every service provider.
...
- The service enhances the research and scholarship activities of some subset of the InCommon community.
- The service does not require contracts with IdPs.The service meets the following technical requirements:
- The SP is a production SAML deployment.
- The SP's metadata has been submitted to InCommon and published in a human-readable format on the InCommon public web site.
- The SP refreshes and verifies metadata at least daily.
- The SP provides an
mdui:DisplayName
in metadata (one of numerous User Interface Elements). - The SP supports the SAML V2.0 HTTP-POST binding (one of numerous SAML V2.0 endpoints in metadata)
- The SP provides Technical and Administrative contacts in metadata.
- The SP provides requested attributes in metadata.
...
- An entity attribute is inserted into metadata.
- The new R&S SP is added to a web page listing members of the R&S category.
- An announcement is sent to the announce@incommon.org email list and/or the monthly newsletter.
Implementation Considerations for Service Providers
It is important that the implementation and deployment of all InCommon services facilitate their initial on-boarding processes to avoid operational and technical impediments to adoption, as described in Recommended Practices.
More specifically, R&S services generally have a broad user community, often including people who do not have a close relationship with the Service Provider, nor do those people's IdPs. For this reason, R&S Service Providers are encouraged to consider the following guidelines:
- The service should not require out-of-band negotiation with IdPs.
- The service should request a subset of R&S Category Attributes, and furthermore, the service should request only those attributes it absolutely needs. (See the section on R&S Category Attributes for details.)
- The SP should fully support SAML V2.0 Web Browser SSO (see the SP Endpoints in Metadata wiki page).
- The SP should provide a complete set of User Interface Elements in metadata. In particular, a Privacy Statement and a Logo are highly recommended.
- In addition to the Technical and Administrative contacts in metadata required of all SPs, a Security contact should also be provided (once that option becomes available).
- The SP should strive to provide a good, overall user experience. In particular, the SP should intelligently handle errors involving the release of requested attributes.
Policy Considerations for Identity Providers
...